Google thinks www.2hd.com.au is a Malware Server

Written by James McDonald

December 2, 2009

Update: 2hd.com.au appears to be clean now the .cn server script includes are gone and Google is no longer warning you off when you go there.

Just tried to visit 2hd.com.au and I get this in Google Chrome:

I went to netcraft.com and it appears 2hd are running Windows 2003 and IIS6.0. A recent article on the Sydney Morning Herald site describes something similar (A site serving malware from Chinese *.cn servers) happening to JB Hi-Fi and JB appears to be running FreeBSD and Apache 1.3.x. So OS isn’t a factor in this particular hack.

The JB Hi-Fi malware problem was reported to be due to a third party ad server being compromised and then the JB servers unwittingly serving links to the bogus ads. So I wouldn’t be suprised if www.2hd.com.au has something similar happening. Of course this is an assumption.

To use a phrase from Meet the Fockers. No matter how secure your own server/s may be, you still need to make sure the servers in your “circle of trust” can be trusted also.

I remember a friend who worked for an Internet Serving company used to spend several hours a day combing through logs looking for suspicious activity. Looks like that sort of methodical inspection is required to stay ahead of potential security problems.

0 Comments

Submit a Comment

Your email address will not be published. Required fields are marked *

You May Also Like…